Cyber Bites

The government will provide £10 million over four years “to develop groundbreaking cybersecurity technologies,” as part of its commitment to increase investment in R&D to 2.4 percent of GDP by 2027, Digital Secretary Oliver Dowden announced. Nine winning research teams share the £10 million investment under the government’s Digital Security by Design programme, which aims to help the tech infrastructure of UK organisations and digital devices be more resilient to cyberattacks. Grant winners are creating...

Hacker groups that engage in web skimming (also known as Magecart) attacks have breached the web stores of two of the world's biggest retail chains -- accessories store Claire's and sporting goods retailer Intersport. According to reports published today by security firms Sanguine Security and ESET, hackers breached the two companies' websites and hid malicious code that would record payment card details entered in checkout forms. According to Sanguine Security's Willem de Groot, Claire's website was compromised...

European energy company giant Enel Group suffered a ransomware attack a few days ago that impacted its internal network. Detected on June 7, the incident is the work of EKANS (SNAKE) ransomware operators, the group that also targeted Honda earlier this week. Enel Group confirmed for BleepingComputer that its internal IT network was disrupted on Sunday evening following a ransomware attack caught by their antivirus before the malware could spread. Dealing with the incident required isolating the...

Social networking giant Twitter disclosed today three new state-linked information operations that have been taking place on its platform this year. As a result of its investigation, Twitter said it banned and removed 32,242 accounts that were part of networks operated out of China, Russia, and Turkey, all three pushing local political agendas and narratives, and associated with state-sponsored entities. Of the three networks, the largest was the one based in China. Twitter said it banned 23,750...

The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city's offices. Knoxville has a population of over 180,000, it's Tennessee's third-largest city after Nashville and Memphis, and it's also part of the Knoxville Metropolitan Statistical Area, with a reported population of almost 870,000 in 2015. Computers on Knoxville's network were encrypted overnight, with the attack being noticed by employees of the city's fire department around...

Fortune 500 insurance holding company Genworth Financial disclosed a data breach after an unauthorized party gained access to insurance agents' online accounts using compromised login credentials. The U.S. mortgage and long term care insurer had revenue of $8,6 billion during the last fiscal year and it reached a deal with China Oceanwide Holdings Group that will allow the Chinese company to buy Genworth for $2.7 billion. Genworth's services and products are offered through financial advisors, intermediaries, as...

TAIT, one of the world's leading live event solutions providers, disclosed a data breach that led to the exposure of personal and financial information stored on a server and on the email accounts of some of its employees. The TAIT group of companies (Brilliant, Kinesys, Production Glue, Stage Technologies, TAIT UK, and TAIT Navigator) employs over 900 people in 14 office locations around the world and has been a provider of live experience solutions in over 30...

The increasingly prevalent GuLoader malware has been traced back to a far-reaching encryption service that attempts to pass as above-board. An Italian company that sells what it describes as a legitimate encryption utility is being used as malware packer for the cloud-delivered malicious GuLoader dropper, claim researchers. The tool, according a recent investigation, creates GuLoader samples and helps the malware avoid antivirus detection. For its part, the company claims it has taken steps to prevent...

Slovak authorities have arrested four suspects on Tuesday as part of an investigation into a series of suspicious devices found connected to the government's official IT network. According to local news site Aktuality, the equipment is believed to have been used for wiretapping purposes and would have allowed threat actors to intercept both internet and telephony operations. The devices, believed to be some type of servers, were connected to GOVNET, a network that interconnects different Slovak...

Microsoft has published a report today detailing a never-before-seen series of attacks against Kubeflow, a toolkit for running machine learning (ML) operations on top of Kubernetes clusters. The attacks have been going on since April this year, and Microsoft says its end-goal has been to install a cryptocurrency miner on Kubernetes clusters running Kubeflow instances exposed to the internet. According to Yossi Weizman, a security researcher with Microsoft's Azure Security Center, the company has detected...